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Claims 

What is claimed is: 

1 1. A method for communication via a data network, between two parties that share a 

2 password, using a Diffie-Hellman type key exchange on a particular group to generate a shared 

3 secret g* y , where g is the group generator known to both parties and x is an index known to one party 

4 and y is an index known to the other party, the group having a group operation and an inverse group 

5 operation, the method comprising the steps of: 

6 one party generating a parameter m by performing the group operation on g* and a function 

7 of at least the password, wherein any portion of a result associated with the function that is outside 

8 the group is randomized, and transmitting m to the other party, whereby the other party may perform 

9 the inverse group operation on m and the function of at least the password, and remove the 

10 randomization of any portion of the result associated with the function that is outside the group, to 

1 1 extract g* and calculate the shared secret g* y . 

1 2. The method of claim 1, wherein the particular group, denoted as G p q , is a sub-group of 

2 a group Z p where p and q are prime numbers such that p equals rq + 1 for a value r co-prime to q, 

3 and wherein the step of randomizing any portion of a result associated with the function that is 

4 outside the group G pq is performed by computing a parameter h, randomly selected from the 

5 group Z* , raising the parameter h to the exponent q and multiplying h q by the result associated with 

6 the function. 


1 3. The method of claim 1, wherein the one party is a client and the other party is a server. 

1 4. The method of claim 1, further comprising the step of: 

2 the one party receiving g from the other party and generating the shared secret g**. 
1 5. The method of claim 4, further comprising the step of: 
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2 the one party authenticating the other party by comparing a received value against a function 

3 of at least one of an identifier of the one party, an identifier of the other party, ra, ^, the shared 

4 secret, and the password. 

1 6. The method of claim 4, further comprising the step of: 

2 the one party transmitting a function of at least one of an identifier of the one party, an 

3 identifier of the other party, m, g y , the shared secret, and the password, to the other party whereby 

4 the other party may authenticate the one party. 

1 7. The method of claim 4 further comprising the step of: 

2 the one party generating a session key as a function of at least one of an identifier of the one 

3 party, an identifier of the other party, m, g*, the shared secret, and the password. 

1 8. A method for communication via a data network, between two parties that share a 


2 password, using a Diffie-Hellman type key exchange on a particular group to generate a shared 

3 secret g^, where g is the group generator known to both parties and jc is an index known to one party 

4 and y is an index known to the other party, the group having a group operation and an inverse group 

5 operation, the method comprising the steps of: 

6 responsive to the one party generating a parameter m by performing the group operation on 

7 g* and a function of at least the password, wherein any portion of a result associated with the 

8 function that is outside the group is randomized, and transmitting m to the other party, the other party 

9 performing the inverse group operation on m and the function of at least the password, removing the 

10 randomization of any portion of the result associated with the function that is outside the group, 

1 1 extracting g x , and calculating the shared secret g^. 

1 9. The method of claim 8, wherein the particular group, denoted as G , is a sub-group of 

2 a group Z* where p and q are prime numbers such that p equals rq + 1 for a value r co-prime to q, 
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3 and wherein the step of randomizing any portion of a result associated with the function that is 

4 outside the group G pq is performed by computing a parameter h, randomly selected from the 

5 group Z p , raising the parameter h to the exponent q and multiplying h q by the result associated with 

6 the function. 

1 10. In accordance with a protocol for communication over a data network between two 

2 parties that share a password, using a Diffie-Hellman type key exchange on a particular group to 

3 generate a shared secret g* 7 , where g is the group generator known to both parties and x is an index 

4 known to one party and y is an index known to the other party, the group having a group operation 

5 and an inverse group operation, apparatus associated with the one party comprising: 

6 at least one processor operative to: (i) generate a parameter m by performing the group 

7 operation on and a function of at least the password, wherein any portion of a result associated 

8 with the function that is outside the group is randomized; and (ii) transmit m to the other party, 

9 whereby the other party may perform the inverse group operation on m and the function of at least 

1 0 the password, and remove the randomization of any portion of the result associated with the function 

1 1 that is outside the group, to extract g* and calculate the shared secret g* y . 

1 11. The apparatus of claim 1 0, wherein the particular group, denoted as G p q , is a sub-group 

2 of a group Z p where p and q are prime numbers such that p equals rq + 1 for a value r co-prime to 

3 q, and wherein the step of randomizing any portion of a result associated with the function that is 

4 outside the group G pq is performed by computing a parameter h, randomly selected from the 

5 group Z p , raising the parameter h to the exponent q and multiplying h q by the result associated with 

6 the function. 

1 12. The apparatus of claim 10, wherein the one party is a client and the other party is a 

2 server. 
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1 13. The apparatus of claim 10, wherein the at least one processor associated with the one 

2 party is further operative to receive g from the other party and generate the shared secret g* y . 

1 14. The apparatus of claim 13, wherein the at least one processor associated with the one 

2 party is further operative to authenticate the other party by comparing a received value against a 

3 function of at least one of an identifier of the one party, an identifier of the other party, w, the 

4 shared secret, and the password. 

1 15. The apparatus of claim 13, wherein the at least one processor associated with the one 

ij 2 party is further operative to transmit a function of at least one of an identifier of the one party, an 

,S 3 identifier of the other party, w, ^, the shared secret, and the password, to the other party whereby 

; jut 

! y 4 the other party may authenticate the one party. 

!U 

l u , 1 16. The apparatus of claim 13, wherein the at least one processor associated with the one 


s_ 2 party is further operative to generate a session key as a function of at least one of an identifier of the 

; E 3 one party, an identifier of the other party, m, g? 9 the shared secret, and the password. 

; ™ 
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□ 1 17. In accordance with a protocol for communication over a data network between two 

E s 

2 parties that share a password, using a Diffie-Hellman type key exchange on a particular group to 

3 generate a shared secret g* 7 , where g is the group generator known to both parties and x is an index 

4 known to one party and y is an index known to the other party, the group having a group operation 

5 and an inverse group operation, apparatus associated with the other party comprising: 

6 at least one processor operative to, in response to the one party generating a parameter m by 

7 performing the group operation on g* and a function of at least the password, wherein any portion 

8 of a result associated with the function that is outside the group is randomized, and transmitting m 

9 to the other party: (i) perform the inverse group operation on m and the function of at least the 
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1 0 password; (ii) remove the randomization of any portion of the result associated with the function that 

11 is outside the group; (iii) extract g*; and (iv) calculate the shared secret g* y . 

1 18. The apparatus of claim 17, wherein the particular group, denoted as G pq , is a sub-group 

2 of a group Z* where p and q are prime numbers such that p equals rq + 1 for a value r co-prime to 

3 q, and wherein the step of randomizing any portion of a result associated with the function that is 

4 outside the group G pq is performed by computing a parameter h, randomly selected from the 

5 group Z* , raising the parameter h to the exponent q and multiplying h q by the result associated with 

6 the function. 

JSS. 

y 

B 1 19. An article of manufacture for communication via a data network, between two parties 

y 2 that share a password, using a Diffie-Hellman type key exchange on a particular group to generate 

fji 3 a shared secret g^, where g is the group generator known to both parties and x is an index known to 

H 4 one party and y is an index known to the other party, the group having a group operation and an 

□ 5 inverse group operation, the article comprising a machine readable medium containing one or more 

Ej 6 programs which when executed implement the steps of: 

II 7 one party generating a parameter m by performing the group operation on g* and a function 

2 8 of at least the password, wherein any portion of a result associated with the function that is outside 

9 the group is randomized, and transmitting m to the other party, whereby the other party may perform 

10 the inverse group operation on m and the function of at least the password, and remove the 

1 1 randomization of any portion of the result associated with the function that is outside the group, to 

12 extract g* and calculate the shared secret g^. 

1 20. An article of manufacture for communication via a data network, between two parties 

2 that share a password, using a Diffie-Hellman type key exchange on a particular group to generate 

3 a shared secret g^, where g is the group generator known to both parties and x is an index known to 

4 one party and y is an index known to the other party, the group having a group operation and an 
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5 inverse group operation, the article comprising a machine readable medium containing one or more 

6 programs which when executed implement the steps of: 

7 responsive to the one party generating a parameter m by performing the group operation on 

8 g* and a function of at least the password, wherein any portion of a result associated with the 

9 function that is outside the group is randomized, and transmitting m to the other party, the other party 

1 0 performing the inverse group operation on m and the function of at least the password, removing the 

1 1 randomization of any portion of the result associated with the function that is outside the group, 

12 extracting g*, and calculating the shared secret g*. 
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